Barracuda: Microsoft Impersonation Used in 43% of Phishing Attacks
According to Barracuda’s latest report, with 79% of organisations using Office 365 and many more looking at migrating in the near future, cybercriminals are exploiting the tech giant’s popularity and trusted reputation to trick victims of their social engineering attacks.
Titled Spear Phishing: Top Threats and Trends Vol. 6 – Insights into attackers’ evolving tactics and who they’re targeting, the report found that 43% of all phishing attacks involve the impersonation of Microsoft brands.
It also revealed that while CEOs and CFOs are the most targeted – on average receiving 57 and 51 phishing emails per year respectively – attackers are now broadening their sights with 77% of Business Email Compromise (BEC) attacks now targeting employees outside of financial and executive roles.
“Cybercriminals are getting sneakier about who they target with their attacks, often targeting employees outside the finance and executive teams, looking for a weak link in your organisation,” said Don MacLennan, SVP, Engineering & Product Management, Email Protection, Barracuda.
“Targeting lower-level employees offers them a way to get in the door and then work their way up to higher value targets. That’s why it’s important to make sure you have protection and training for all employees, not just focus on the ones you think are the most likely to be attacked.”
Barracuda’s latest report draws from research conducted over the period of one year, between May 2020 and June 2021, which involved the analysis of more than 12 million spear phishing and social engineering attacks impacting more than 3 million mailboxes at over 17,000 organisations.
Key findings include:
- An average organisation is targeted by over 700 social engineering attacks each year, of which phishing accounts for the largest share (49%), followed by scamming (39%).
- 43% of phishing attacks impersonate Microsoft, while WeTransfer (18%), DHL (8%) and Google (8%) are also popular brands with attackers.
- 1 in 10 social engineering attacks is business email compromise (BEC).
- 77% of BEC attacks target employees outside of financial and executive roles.
- 1 in 5 BEC attacks target employees in sales roles.
- IT staffers receive an average of 40 targeted phishing attacks in a year.